Canokey - KVM's Emulated GPG Smartcard

Canokey is a project to simulate a smartcard that deals with GPG keys among others. It is able to handle all kinds asymmetric ciphers including elliptic curves.

QEMU has developed a device that emulates and attaches it to a guest over USB. The upstream code needs to be built as there is no readily available package for it. However this is it - the trusted GPG holy-grail that Qubes had for some time now except it supports many more key types.

This is arguably easier to deal with than contorting a GPG key to fit into an emulated TPM.

1 Like